AMENDMENTS TO THE CLAIMS

The following listing of claims will replace all prior versions, and listings, of 
claims in this application: 

1. (Currently Amended) A communications network security method comprising:
identifying a plurality of routes that define the -a first communications network;
identifying a plurality of hosts associated with the first communications network as a function of the plurality of routes;
performing a census of the first communications network as a function of the plurality of hosts to determine a topology of the first communications network;
probing at least one host of the plurality hosts of the first communications network by transmitting a packet to the host, the host being selected from the census results and the packet having at least a source address determined as a function of the topology which is associated with a second communications network; and
determining a security characteristic of the probed host as a function of a response by the probed host in receiving the packet, the security characteristic being a measure of connectivity between the first communications network and the second communications network.

2. (Currently Amended) The method of claim 1 wherein the source address is an IP address associated with a host external to the first communications network, and the external host being associated with the second communications network and the packet is constructed as a function of the source address and an IP address associated with the at least one host.

3. (Original) The method of claim 2 wherein the response of the probed host to the receipt of the packet includes transmitting a second packet, the second packet being derived using at least a portion of information from the received packet.

4. (Cancelled) the performing the census operation further comprises:
pinging a plurality of IP addresses to verify their respective validity, the plurality of IP addresses being identified from the plurality of routes;
pinging particular hosts of the plurality of hosts to verify their respective location in the topology of the communications network;
performing at least a first DNS lookup for at least one of the particular hosts; and
performing at least a second DNS lookup across a communications channel, the communications channel serving to connect the communications network with a network external to the communications network, the second DNS lookup identifying a specific host of the plurality of hosts.

5. (Currently Amended) The method of claim 2 wherein the first communications network and the second communications network have different security levels, and the measure of connectivity is a function of whether the probed host of the first communications network communicates with the external host associated with the second communications network. The method of claim 3 wherein the probing the at least one host operation further comprises:
identifying the IP address associated with the probed host from the census; and
generating the packet as a function of the IP address associated with the probed host and the IP address associated with a host external to the communications network.



6. (Currently Amended) The method of claim 3-5_wherein the measure of connectivity is determining — determined the security characteristic operation further comprises by the further operation of:
monitoring the probed host to determine the response, and if the response includes a transmission of a second packet from the probed host, generating a security alert message identifying the probed host as a security risk.

7. (Currently Amended) The method of claim 3 wherein the second packet is derived using at least a portion of information from the transmitted packet first communications network and the second communications network have different security levels.
8. (Currently Amended) The method of claim 3-3_wherein the transmitted packet is a TCP packet which returns a TCP packet in response thereto.

9. (Currently Amended) The method of claim S-3_wherein the second packet is a UDP packet or an ICMP packet, which returns either a UDP packet or ICMP packet in response thereto.

10. (Currently Amended) A method for analyzing network security of a first communications network, the method comprising:
identifying a plurality of routes that define the communications network;
identifying a plurality of hosts internal to the communications network as a function of the plurality of routes;
performing- receiving a census of the first communications network as a function of the plurality of hosts to determine a topology of the communications network;
transmitting a packet from a host external to of the -a second communications network to a particular one host of the— a plurality of hosts internal to the first communications network, the internal host being selected from the census, and the packet being generated as a function of both an IP address associated with the host external to of the second communications network and an IP address associated with the particular one internal host of the plurality of hosts internal to the of the first communications network; and
determining a security characteristic of the particular one internal host of the first communications network as a function of a response by the internal host to the receipt of the packet, the security characteristic being a measure of connectivity between the first communications network and the second communications network.

11. (Currently Amended) The method of claim 10 wherein the measure of connectivity is a function of whether the internal host of the first communications network communicates with the host of the second communications network, and the measure of connectivity being the determining the security characteristic operation further comprises determined by the further operation of:
monitoring the probed internal host to determine the response, and if the response includes a transmission of a second packet from the probed internal host, generating a security alert message identifying the probed internal host as a security risk.

12. (Original) The method of claim 11 wherein the second packet is derived using at least a portion of information from the transmitted packet.

13. (Cancelled) the performing the census operation further comprises:
pinging a plurality of IP addresses to verify their respective validity, the plurality of IP addresses being identified from the plurality of routes;
pinging particular hosts of the plurality of hosts to verify their respective location in the topology of the communications network;
performing at least a first DNS lookup for at least one of the particular hosts; and
performing at least a second DNS lookup across a communications channel, the communications channel serving to connect the communications network with a network external to the communications network, the second DNS lookup identifying a specific host of the plurality of hosts.

14. (Currently Amended) The method of claim 12 wherein the probed internal host is a dual-homed host.

15. (Currently Amended) The method of claim 11 wherein the security characteristic includes an indication that the probed internal host is outside any security measures provided by a firewall associated with the first communications network.

16. (Currently Amended) A communications system comprising:
a first plurality of computers associated with a first communications network;
a second plurality of computers associated with a second communications network; and
a security host computer which determines a security characteristic of a first computer from the plurality of computers, the security characteristic being a measure of connectivity between the first communications network and the second communications network performs a census of the communications network as a function of the first plurality of computers, and by pfebes- probing the first computer by transmitting a packet to the first computer, the first computer being selected from the-a^census festt&s- of the first communications network and the packet being generated as a function of both an IP address associated with a second computer of the second plurality of computers and an IP address associated with the first computer, and determining a security level associated the measure of connectivity with the first computer as a function of a response of the first computer to receiving the packet.

17. (Original) The communications system of claim 16 wherein the security host computer is associated with the first communications network.

18. (Currently Amended) The communications system of claim 17 wherein the response of the first computer to the receipt of the packet includes transmitting a second packet, the second packet being derived using at least a portion of information from the received packet.

19. (Currently Amended) The communications system of claim 18 wherein the security host computer determines the measure of connectivity security characteristic by monitoring the probed first computer to determine the response, and if the response includes a -the transmission of the second packet from the probed host, generating a security alert message identifying the first computer as a security risk.

20. (Amended) The communications system of claim 17 wherein the first communications network is an intranet and the second communications network is an Internet, and the first communications network and the second communications network have different security levels.
21. (Currently Amended) A security host computer comprising:
means for performing a census of a first communications network and determining a topology of a^ the first communications network, the topology being defined by at least one computer,
means for probing the at least one computer by transmitting a packet to the computer, the computer being selected from the census results and the packet being generated as a function of the topology, an IP address associated with a particular host computer associated with a second communications network and an IP address associated with the computer, the second communications network being separate from the first communications network; and
a monitor for determining a security level of the computer as a function of a response by the computer to the receipt of the packet, and the security level being a measure of connectivity between the first communications network and the second communications network.

22. (Currently Amended) The security host computer of claim 21 wherein the measure of connectivity is determined by the monitor monitors monitoring the computer^ to determine the response, and if the response includes a transmission of a second packet from the computer, a security alert message identifying the computer as a security risk is generated.

23. (Currently Amended) The security host computer of claim 22 wherein the security level is determined with respect to a firewall located between the first communications network and the second communications network have different security levels.

24. (Currently Amended) A machine-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions that, when executed by a machine, cause the machine to perform of a method for identifying analyzing a first communications network's integrity plurality of routes that define the communications network; identifying a plurality of hosts as a function of the plurality of routes; performing- by receiving a census of the first communications network-as-a function of the plurality of hosts to determine a topology of the communications network; probing at least one host of the plurality hosts a host by transmitting a packet to the host, the host being selected from the census results and the packet being derived as a function of the-a_topology of the first communications network and the packet having a source address which is associated with a second communications network; and determining a security characteristic of the probed host the first communications network's integrity as a function of a response by the probed host in receiving the packet.

25. (Currently Amended) The machine-readable medium of claim 24 further comprising instructions that, when executed by a machine, cause the machine to perform the probing the at least one host operation by identifying the IP address associated with the probed host from the census; and generating the packet as a function of the IP address associated with the probed host and the IP address associated with a host external to the communications network wherein the response indicates a measure of connectivity between the first communications network communicates and the second communications network.

26. (Original) The machine-readable medium of claim 25 wherein the response of the probed host to the receipt of the packet includes transmitting a second packet, the second packet being derived using at least a portion of information from the received packet.



27. (Currently Amended) The machine-readable medium of claim 26 wherein the first communications network is an intranet, and the external host is associated wf&second communications network is an Internet.